Hey Jouri,
I don't agree with this one. I tested it out on my
localhost and got the two error messages I told you I
was going to get:
Warning: Unknown MySQL Server Host...
Warning: MySQL Connection Failed...
No usernames/passwords. I have to say however that I
always include my connect.php file. Maybe that's a
secure way to connect without anyone seeing your
password in case of sqlserver problems.
Greetz,
Bjorn Van Simaeys
www.bvsenterprises.com
--- BRACK <[EMAIL PROTECTED]> wrote:
> If you have Apache and MySQL servers make this
> experiment -
> start Apache but "forget" to start SQL and go to
> your site
> http://localhost/... you will see yourself all the
> information on the
> screen.
>
> Youri
>
> On 7 Aug 2001, at 12:53, Ryan Christensen wrote:
>
> > I'm curious as to how the "hacker" would see all
> this information (the
> > username.. password, etc..) just by going to a
> site where the SQL backend
> > was down?
> >
> > Ryan
> >
> > > -----Original Message-----
> > > From: BRACK [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, August 07, 2001 12:36 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [PHP] MySQL connection
> > >
> > >
> > > I just wanned to bring the issue of security of
> MySQL connection:
> > >
> > > Let us imagine that SQL server was down for some
> hours (of
> > > course without us knowing it) and at the same
> hours our SQL site
> > > was visited by some kind of hacker, he can see
> on his screen all
> > > our SQL connection info like username,
> password, and database
> > > name. You may hide this information in different
> file than the file
> > > that your users open then the hacker will see
> something like
> > > "include("connect.inc");" or
> "require("connect.inc");" (of course IF
> > > server is down). So you may only imagine the
> consequences of
> > > this visit of the hacker. What can we do to
> protect our sensitive
> > > information if SQL server is down?
> > >
> > > Youri
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
> > >
> > >
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
>
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
